Compare commits
2 commits
48c04a94fa
...
364974f31c
Author | SHA1 | Date | |
---|---|---|---|
alejandro-angulo | 364974f31c | ||
alejandro-angulo | 01409f7ecb |
Binary file not shown.
|
@ -7,15 +7,17 @@ let
|
||||||
node = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETLBnc8kJokmFiA28BaSYpeE7flY1W0SM5C1pWv/tOv";
|
node = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETLBnc8kJokmFiA28BaSYpeE7flY1W0SM5C1pWv/tOv";
|
||||||
pi4 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK9fnNXzEmDdmtR+KWj/M9vQioFR0s/4jMnIkUFcj8As";
|
pi4 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK9fnNXzEmDdmtR+KWj/M9vQioFR0s/4jMnIkUFcj8As";
|
||||||
proxy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAf6Z7SZEOH3H51T/GPIc/B0OpbaydM5l2PP3nMnwpFl";
|
proxy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAf6Z7SZEOH3H51T/GPIc/B0OpbaydM5l2PP3nMnwpFl";
|
||||||
|
git = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN8JLy/ipBfOet3/KT7rXOXHDjjmt+VqqQb3V+ILIuDN";
|
||||||
};
|
};
|
||||||
in {
|
in {
|
||||||
"cf_dns_kilonull.age".publicKeys = [users.me machines.node machines.gospel machines.pi4 machines.proxy];
|
"cf_dns_kilonull.age".publicKeys = [users.me machines.node machines.gospel machines.pi4 machines.proxy];
|
||||||
"nextcloud_admin.age".publicKeys = [users.me machines.node machines.gospel];
|
|
||||||
"theengs_ble_mqtt.age".publicKeys = [users.me machines.pi4 machines.gospel];
|
|
||||||
"hass_mqtt.age".publicKeys = [users.me machines.pi4 machines.node machines.gospel];
|
|
||||||
"teslamate_db.age".publicKeys = [users.me machines.node machines.gospel];
|
|
||||||
"teslamate_mqtt.age".publicKeys = [users.me machines.pi4 machines.node machines.gospel];
|
|
||||||
"teslamate_encryption.age".publicKeys = [users.me machines.node machines.gospel];
|
|
||||||
"hydra-aws-creds.age".publicKeys = [users.me machines.gospel];
|
|
||||||
"gitea-runner-gospel.age".publicKeys = [users.me machines.gospel];
|
"gitea-runner-gospel.age".publicKeys = [users.me machines.gospel];
|
||||||
|
"hass_mqtt.age".publicKeys = [users.me machines.pi4 machines.node machines.gospel];
|
||||||
|
"hydra-aws-creds.age".publicKeys = [users.me machines.gospel];
|
||||||
|
"nextcloud_admin.age".publicKeys = [users.me machines.node machines.gospel];
|
||||||
|
"tailscale_git_server.age".publicKeys = [users.me machines.git]; # This key expires, might have to update
|
||||||
|
"teslamate_db.age".publicKeys = [users.me machines.node machines.gospel];
|
||||||
|
"teslamate_encryption.age".publicKeys = [users.me machines.node machines.gospel];
|
||||||
|
"teslamate_mqtt.age".publicKeys = [users.me machines.pi4 machines.node machines.gospel];
|
||||||
|
"theengs_ble_mqtt.age".publicKeys = [users.me machines.pi4 machines.gospel];
|
||||||
}
|
}
|
||||||
|
|
BIN
secrets/tailscale_git_server.age
Normal file
BIN
secrets/tailscale_git_server.age
Normal file
Binary file not shown.
|
@ -4,9 +4,12 @@
|
||||||
...
|
...
|
||||||
}: let
|
}: let
|
||||||
domain = "git.alejandr0angul0.dev";
|
domain = "git.alejandr0angul0.dev";
|
||||||
|
secrets = config.age.secrets;
|
||||||
in {
|
in {
|
||||||
imports = ["${inputs.nixpkgs}/nixos/modules/virtualisation/digital-ocean-config.nix"];
|
imports = ["${inputs.nixpkgs}/nixos/modules/virtualisation/digital-ocean-config.nix"];
|
||||||
|
|
||||||
|
age.secrets.authKeyFile.file = ../../../secrets/tailscale_git_server.age;
|
||||||
|
|
||||||
aa = {
|
aa = {
|
||||||
nix.enable = true;
|
nix.enable = true;
|
||||||
|
|
||||||
|
@ -17,6 +20,10 @@ in {
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
openssh.enable = true;
|
openssh.enable = true;
|
||||||
|
tailscale = {
|
||||||
|
enable = true;
|
||||||
|
configureClientRouting = true;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -25,6 +32,11 @@ in {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.tailscale = {
|
||||||
|
authKeyFile = secrets.authKeyFile.path;
|
||||||
|
extraUpFlags = ["--ssh"];
|
||||||
|
};
|
||||||
|
|
||||||
security.acme = {
|
security.acme = {
|
||||||
acceptTerms = true;
|
acceptTerms = true;
|
||||||
defaults = {
|
defaults = {
|
||||||
|
|
|
@ -76,18 +76,21 @@
|
||||||
})
|
})
|
||||||
];
|
];
|
||||||
|
|
||||||
services.gitea-actions-runner.instances = {
|
services.gitea-actions-runner = {
|
||||||
gospel = {
|
package = pkgs.forgejo-runner;
|
||||||
enable = true;
|
instances = {
|
||||||
name = config.networking.hostName;
|
gospel = {
|
||||||
url = "https://gitea.kilonull.com";
|
enable = true;
|
||||||
tokenFile = config.age.secrets.gitea-runner-gospel.path;
|
name = config.networking.hostName;
|
||||||
labels = [
|
url = "https://git.alejandr0angul0.dev";
|
||||||
"ubuntu-latest:docker://node:16-bullseye"
|
tokenFile = config.age.secrets.gitea-runner-gospel.path;
|
||||||
"ubuntu-22.04:docker://node:16-bullseye"
|
labels = [
|
||||||
"ubuntu-20.04:docker://node:16-bullseye"
|
"ubuntu-latest:docker://node:16-bullseye"
|
||||||
"ubuntu-18.04:docker://node:16-buster"
|
"ubuntu-22.04:docker://node:16-bullseye"
|
||||||
];
|
"ubuntu-20.04:docker://node:16-bullseye"
|
||||||
|
"ubuntu-18.04:docker://node:16-buster"
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
virtualisation = {
|
virtualisation = {
|
||||||
|
|
Loading…
Reference in a new issue